How to Fix CVE-2022-20968- Stack Overflow Vulnerability in Cisco IP Phones?

On Thursday, Cisco released important news for its customers about CVE-2022-20968- a high-severity vulnerability that affects some of its IP phones, and that it is working on its patches. The company says it’s unaware of any malicious attacks exploiting the vulnerability, but it has been “publicly discussed,” and a proof-of-concept (PoC) exploit is available. 

Cisco was reported of this vulnerability by Qian Chen of the Codesafe Team of Legendsec at the Chinese cybersecurity firm Qi’anxin Group. Cisco released a patch for the vulnerability in January 2023. However, in the meantime, the company provided a mitigation that could be used until the patch was released.

This blog post will discuss the CVE-2022-20968-stack overflow vulnerability in IP phones in detail and the steps on how to Fix CVE-2022-20968. 

A Short Note About Cisco Discovery Protocol

CDP, or Cisco Discovery Protocol, is a proprietary protocol developed by Cisco that allows network devices to discover and collect information about directly connected neighbor devices. It operates on the data link layer and can run on all media supporting Subnetwork Access Protocol (SNAP).

CDP has two versions: 

How does CDP work?

Cisco devices periodically transmit CDP packets, which advertise a time-to-live (TTL) value indicating the number of seconds the packet must be retained before it can be discarded. CDP packets are sent with a nonzero TTL value when an interface is enabled and a TTL value of zero immediately before an interface is down. 

All Cisco devices receive and process CDP packets, caching the information in the packet. If there are changes from the last received packet, the new information is cached, and the older information is discarded, even if its TTL value has not expired.

Summary of CVE-2022-20968

CVE-2022-20986 is a security vulnerability present in Cisco IP Phones. An unauthenticated attacker could exploit this vulnerability close to the device. The attacker could cause a w on the affected device by sending malicious Cisco Discovery Protocol packets. 

The vulnerability is due to a lack of proper input validation when processing such packets. If the exploit is successful, it could result in a denial of service (DoS) condition or allow the attacker to execute code on the affected device remotely. 

Products Vulnerable to CVE-2022-20968

The following are the products affected by CVE-2022-20968:

How to Fix CVE-2022-20968- Stack Overflow Vulnerability in Cisco IP Phones?

To address this Vulnerability in Cisco IP Phones, Cisco advises upgrading the current phone software to the latest one. Cisco has released free software updates that you can obtain through their usual update channels, provided you have service contracts that entitle them to regular software updates.

Some key considerations before upgrading the software include: 

How to Upgrade Cisco IP Phone Firmware 14.2.1?

To upgrade Cisco IP Phone firmware 14.2.1, follow the steps given below: 

Step 1. Determine the Model and Version

1. Press the Applications button on your Cisco IP Phone.2. Navigate to Status using the Navigation cluster button and Select.3. Select Product information from the given options and then press Select.4. Take note of your phone’s product name/model number.

Step 2. Download the Latest Firmware

1. Go to the Downloads page of the Cisco website on your computer.2. Choose Products, then go to the Collaboration Endpoints, then IP Phones, and then IP Phone 3. 8800 Series or IP Phone 7800 Series.4. Select the exact model of your device.5. Click the Session Initiation Protocol (SIP) Software link as the Software Type.
Choose the software you need to download for your product.6. Click Download.
7. Read the Cisco End User License Agreement link and click Accept License Agreement.8. Extract the downloaded file and take note of the location where it is extracted.

Step 3. Upgrade the Firmware

1. Determine the IP address of your IP Phone by pressing the Applications button.2. Navigate to Status and press Select.
3. Navigate to Network status and press Select.4. Look for the IP address and take note of it.5. Launch a browser on your computer and enter the following format in the Address bar: http://<phone_ip>/admin/upgrade?<schema>://<serv_ip[: port]>/filename, then press the Enter key.

Note: Wait for the phone to finish upgrading. The phone may restart a couple of times during the firmware upgrade process. Do not power down the phone while the process is in progress.

Step 4. Verify the Firmware Version

1. Press the Applications button on your IP Phone.2. Navigate to Status and press Select.
3. Navigate to Product information and press Select.
4. Check the Software version area and verify that the software you downloaded is now on the phone.

Wrapping Up

CVE-2022-20968 is a high-risk software vulnerability that should be addressed immediately. To fix this Vulnerability in Cisco IP Phones, Cisco suggests upgrading the versions. To help you learn how to fix CVE-2022-20968, we have mentioned detailed steps above that you can follow and stay safe. 

We hope this post would help you know know how to fix CVE-2022-20968- Stack Overflow Vulnerability in Cisco IP Phones. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.